From c11d8f2f7c4e077de604382c0c5c60baaa4bd40b Mon Sep 17 00:00:00 2001
From: Alex Wright <alex@xeentech.com>
Date: Mon, 2 Mar 2020 01:14:41 +0100
Subject: [PATCH] Adding cookie to track session.

Now I can access postgres from the guards I think I can do better.
---
 src/main.rs | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index 7ef2bac..7721e34 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -28,6 +28,10 @@ use num::BigUint;
 use openssl::rsa::Rsa;
 
 use ldap3::{ LdapConn, Scope, SearchEntry };
+use rocket::http::{
+    Cookie,
+    Cookies,
+};
 use rocket::request::{
     FlashMessage,
     Form,
@@ -149,7 +153,7 @@ fn login_form(flash: Option<FlashMessage<'_, '_>>) -> Template {
 }
 
 #[post("/login", data = "<form_data>")]
-fn login(form_data: Form<LoginData>, conn: AuthDb) -> Result<Redirect, Flash<Redirect>> {
+fn login(form_data: Form<LoginData>, conn: AuthDb, mut cookies: Cookies) -> Result<Redirect, Flash<Redirect>> {
     let auth = BasicAuthentication {
         username: form_data.username.to_owned(),
         password: form_data.password.to_owned(),
@@ -165,6 +169,7 @@ fn login(form_data: Form<LoginData>, conn: AuthDb) -> Result<Redirect, Flash<Red
     if ! user.is_active {
         return Err(Flash::error(Redirect::to(uri!(login_form)), "Account is suspended"));
     }
+    cookies.add_private(Cookie::new("user_id", user.id.to_string()));
     println!("User: {:?}", user);
 
     Ok(Redirect::to("/"))
@@ -227,7 +232,7 @@ impl<'a, 'r> FromRequest<'a, 'r> for User {
     type Error = ();
 
     fn from_request(request: &'a Request<'r>) -> Outcome<Self, Self::Error> {
-        let mut user_id = match request.cookies().get_private("user_id") {
+        let user_id = match request.cookies().get_private("user_id") {
             Some(cookie) => cookie.value().to_string(),
             None => return Outcome::Forward(()),
         };